CVE-2025-71319
Denial of Service in image-size Library via Zero-Sized Boxes

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: VulnCheck

Description
image-size 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2 contain a denial of service vulnerability in the findBox function when processing specially crafted images with zero-sized boxes. Remote attackers can cause the application to hang by supplying malicious JXL, HEIF, or JP2 image files with box size zero, triggering infinite loops during image validation.
Meta Information

Published: 2026-06-09
Last Modified: 2026-06-09
Generated: 2026-06-10
AI Q&A: 2026-06-10
EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE ID: CWE-835
Description: The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Executive Summary

This vulnerability exists in the image-size library versions 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2. It is a denial of service issue in the findBox function that occurs when processing specially crafted images containing zero-sized boxes.

Remote attackers can exploit this by supplying malicious JXL, HEIF, or JP2 image files with box size zero, which causes the application to enter an infinite loop during image validation, leading to the application hanging.
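
The loop condition described above, as an added example (not code from image-size or from this advisory): a hypothetical box walker showing why a declared size of zero stalls an unchecked search and the guard that prevents it. The function names, the simple 8-byte header layout (32-bit big-endian size, 4-character type) and the sample buffers are assumptions made for illustration.

```javascript
// Added illustration: a hypothetical size-prefixed box walker, not image-size's findBox.
// Assumed header: 4-byte big-endian size (header included) + 4-byte ASCII type.
const HEADER_LEN = 8;

function readBoxHeader(bytes, offset) {
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const size = view.getUint32(offset); // big-endian by default
  const type = String.fromCharCode(...bytes.subarray(offset + 4, offset + 8));
  return { size, type, offset };
}

// Hardened search: every iteration must advance by at least one full header
// and stay inside the buffer, so a size of 0 cannot pin the cursor in place.
// (ISO BMFF gives sizes 0 and 1 special meanings; this sketch rejects them.)
function findBoxSafe(bytes, wantedType) {
  let offset = 0;
  while (offset + HEADER_LEN <= bytes.length) {
    const box = readBoxHeader(bytes, offset);
    if (box.size < HEADER_LEN || offset + box.size > bytes.length) {
      throw new RangeError(`invalid box size ${box.size} at offset ${offset}`);
    }
    if (box.type === wantedType) return box;
    offset += box.size;
  }
  return null;
}

// Shows the failure mode without hanging: the same walk with no size check,
// capped at maxSteps. Returns true when the cursor never reaches an exit.
function uncheckedWalkStalls(bytes, wantedType, maxSteps = 1000) {
  let offset = 0;
  for (let step = 0; step < maxSteps; step++) {
    if (offset + HEADER_LEN > bytes.length) return false;
    const box = readBoxHeader(bytes, offset);
    if (box.type === wantedType) return false;
    offset += box.size; // size 0 leaves offset unchanged
  }
  return true;
}

// Constructed sample inputs (box headers only, not real image files).
function makeBox(size, type, payloadLen = 0) {
  const out = new Uint8Array(HEADER_LEN + payloadLen);
  new DataView(out.buffer).setUint32(0, size);
  for (let i = 0; i < 4; i++) out[4 + i] = type.charCodeAt(i);
  return out;
}
const wellFormed = new Uint8Array([...makeBox(12, "ftyp", 4), ...makeBox(8, "ispe")]);
const zeroSized = new Uint8Array([...makeBox(0, "free"), ...makeBox(8, "ispe")]);
```

Callers that parse untrusted uploads can treat the `RangeError` as "not a valid image" and reject the file, which also covers boxes whose declared size runs past the end of the buffer.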

Impact Analysis

The primary impact of this vulnerability is a denial of service condition. An attacker can cause the affected application to hang indefinitely by sending specially crafted image files.

This can disrupt normal operations, potentially causing downtime or unavailability of services that rely on the image-size library for image processing.
